package com.paw.oauth2.server.config;

import com.paw.oauth2.server.service.DefaultClientDetailService;
import com.paw.oauth2.server.service.DefaultUserDetailService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * @author lvzihai
 * @date 2021/7/14
 **/
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

  @Autowired
  private AuthenticationManager authenticationManager;

  @Autowired
  private TokenStore tokenStore;

  @Autowired
  private DefaultClientDetailService clientDetailService;

  @Autowired
  private PasswordEncoder passwordEncoder;



  @Override
  public void configure (AuthorizationServerSecurityConfigurer security) throws Exception {
//    security.allowFormAuthenticationForClients();
//    security.tokenKeyAccess("isAuthenticated()");
    security.tokenKeyAccess("permitAll()")
        .checkTokenAccess("isAuthenticated()");
    security.allowFormAuthenticationForClients();
  }

  @Override
  public void configure (ClientDetailsServiceConfigurer clients) throws Exception {
//    String password = passwordEncoder.encode("123456");
//    clients
//        .inMemory()
//        .withClient("client_1")
//        .secret(password)
//        .scopes("read").autoApprove(true)
//        .authorities("USER")
//        .authorizedGrantTypes("refresh_token","authorization_code","password","client_credentials")
////        .resourceIds("*")
//    ;

    clients.withClientDetails(clientDetailService);
  }

  @Override
  public void configure (AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints
        .tokenStore(tokenStore)
        .tokenEnhancer(jwtAccessTokenConverter())
        .authenticationManager(authenticationManager)
        .allowedTokenEndpointRequestMethods(HttpMethod.POST,HttpMethod.GET);

  }


  @Bean
  public TokenStore jwtTokenStore() {
    return new JwtTokenStore(jwtAccessTokenConverter());
  }

  @Bean
  public JwtAccessTokenConverter jwtAccessTokenConverter() {
//    KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(new ClassPathResource("test-jwt.jks"), "test123".toCharArray());
//    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
//    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("test-jwt"));

    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    //  Sets the JWT signing key
    converter.setSigningKey("jwtKey");
    return converter;
  }

}
